Certified in the Governance of Enterprise IT (CGEIT) — Question 29
An enterprise wants to address the human factors of social engineering risk within the organization. From a governance perspective, which of the following is the BEST way to mitigate this risk?
Answer options
- A. Mandate security requirements be included in employee contracts.
- B. Distribute the social media information security policy to staff.
- C. Mandate annual security awareness training.
- D. Restrict access to social media.
Correct answer: C
Explanation
Mandating annual security awareness training is the best way to address human factors as it educates employees on recognizing and preventing social engineering threats. While including security requirements in contracts and distributing policies are helpful, they do not provide ongoing education. Restricting access to social media may reduce exposure but does not address the underlying knowledge gaps that training aims to fill.